1
2
Where can I go to read up on encryption methods used in Bitcoin? I am particularly interested in the idea that I can use a private key to sign something and it proves to the world I have the private key but yet does not reveal the actual key. This is a topic of mystery to me, how this is done.
3
Here's a short explanation that might help you understand it. It's grossly oversimplified but just designed to help you get the general idea.
Imagine a world in which multiplication and addition were irreversible. That is, division and subtraction do not exist. It is not too difficult mathematically to create a world where division and subtraction are trillions of times more difficult than multiplication and addition, so for practical purposes, division and subtraction are impossible.
Now, let's say we all agreed on a very large number. Call it G. It's some big number we all agree on.
Now, you can pick a random number and store this someplace very safe. Call it your "private key", S (for secret). Now, multiply it by G. Call the result your "public key", P. You can tell anyone your public key. Since they can't divide it by G, your private key will stay private.
Now, say you want to "sign" something, O. What you do is you take that something, add your secret key to it, and publish the resulting number. So you publish: O+S, that's your signature
First, nobody can tell your private key from that number. They'd have to subtract, and that's not practical. And nobody else can produce that number, they'd have to know your private key to know what to add to O.
So all we need is for someone to be able to prove that's the "right" number and we're there -- and they can do that. Why? Because G * (O+S) = G * O + G * S.
They know what you claim is O+S ... the signature. G*S is your public key. And they know O. So with just some addition and multiplication, they can compute both G * (O+S) and G*O + G*S. So they can check if the number you published really is O+S if those two are equal, thus that the person who computed it knew your private key, and thus it functions as a signature.
The challenge, of course, is to create systems in which multiplication and addition are possible but subtraction and division are not. And there the math gets complicated. Bitcoin uses a system where division requires discrete logarithms and a change to the algorithm so that it doesn't matter if addition is reversible.
3
Wikipedia is a wonderful source for this. First, note that there is no encryption in the Bitcoin protocol - there are techniques from the more general field of cryptography, such as digital signatures and hashing.
Digital signatures are an example of public-key cryptography, which can be used not only for digital signatures but for a type of encryption which is different from traditional symmetric encryption.
Specifically, Bitcoin uses Elliptic Curve DSA for digital signatures and SHA-2 for hashing - here is a nice review of how they are used.
You might also want to read up on RSA which is a very well-known public-key cryptosystem, though not used in Bitcoin.
What encryption is used for the wallet passphrase encryption in the Bitcoin.org client? – Stephen Gornick – 2012-08-15T02:19:31.190
0
Small clarification - encryption is generally a topic about obscuring data so it can't be read. If you are interested in the algorithms of signing things, you are not looking for encryption, but you are looking for signature algorithms.
Signature algorithms are generally a topic about mathematically showing that only you could've sent the data, while not necessary obscuring it.
For the signature algorithms used in Bitcoin:
Generally, look into topic of Digital Signature Algorithms in general, and Elliptic Curve Digital Signature Algorithm in particular.
This topic is a field of cryptography, and is not Bitcoin specific. If you have more questions regarding it, you should check out Crypto SE.
Excellent explanation, thank you. On another note I was reading on the wikipedia link you gave and it said this: "The hardest ECC scheme (publicly) broken to date had a 112-bit key for the prime field case and a 109-bit key for the binary field case. For the prime field case this was broken in July 2009 using a cluster of over 200 PlayStation 3 game consoles and could have been finished in 3.5 months using this cluster when running continuously (see [17])." Am I correct when to think that Bitcoin uses 2^80 bit key? – shoeless joe – 2012-01-05T03:51:30.730
Bitcoin uses 256-bit keys, specifically secp256k1.
– David Schwartz – 2012-01-05T06:23:30.807